According to recent data from ThreatFabric, malicious actors are using voice phishing (vishing) techniques to trick victims into installing Android malware on their devices. The Dutch mobile security company said it had discovered a network of phishing websites that targets Italian online banking users to gather victims’ contact information. The social engineering technique, known as telephone-oriented attack delivery (TOAD), involves calling the victims and leveraging information already obtained from the fraudulent websites. A criminal claiming to be a bank support representative asks the targeted person to install a security program; in fact, the victim installs malicious software designed to gain remote access or commit financial fraud. In this case, the call leads to the installation of Copybara, Android malware that was originally identified in November 2021. Copybara’s RAT capabilities, like those of other Android-based malware, rely on abusing the operating system’s accessibility services API to capture private data and to remove the downloader app, reducing its forensic footprint.
Additionally, the threat actor’s infrastructure has been found distributing a second piece of malware called SMS Spy. It gives malicious actors access to all incoming SMS messages and allows them to intercept one-time passwords (OTPs) sent by banks. Scammers can thus build effective Android malware campaigns without relying on traditional techniques like Google Play Store droppers, rogue advertisements, and smishing. “Such attacks require more resources on [threat actors’] side and are more sophisticated to perform and maintain. We also like to point out that targeted attacks from a fraud success perspective are unfortunately more successful, at least in this specific campaign,” stated ThreatFabric’s Mobile Threat Intelligence (MTI) team. According to the MTI team, all unusual calls should be investigated by contacting banking institutions. Financial institutions should inform their customers about ongoing campaigns and improve client apps with tools to detect any anomalies.